A Domain Specific Language in which Authentication/Authorization control is Enabled

• Project/Area Number: 23500079
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Multi-year Fund
• Section: 一般
• Research Field: Computer system/Network
• Research Institution: The University of Tokyo
• Principal Investigator: SATO Hiroyuki 東京大学, 情報基盤センター, 准教授 (20225999)
• Project Period (FY): 2011 – 2013
• Project Status: Completed (Fiscal Year 2013)
• Budget Amount: ¥5,070,000 (Direct Cost: ¥3,900,000、Indirect Cost: ¥1,170,000); Fiscal Year 2013: ¥1,040,000 (Direct Cost: ¥800,000、Indirect Cost: ¥240,000); Fiscal Year 2012: ¥2,340,000 (Direct Cost: ¥1,800,000、Indirect Cost: ¥540,000); Fiscal Year 2011: ¥1,690,000 (Direct Cost: ¥1,300,000、Indirect Cost: ¥390,000)
• Keywords: 認証 / ワークフロー / ポリシー調停 / トラスト / セキュリティ / プライバシー / ポリシー評価 / Trust Elevation / MapReduce / 認証・権限情報 / 特定ドメイン言語

Research Abstract

We have proposed (1) a (cloud) trust model in which a workflow is deployed,(2)a trust elevation model in which low LoA informations are colledted to elevate to a higher LoA, and made some analysis on trust elevation, (3) a control system of MapReduce in which insecure programs are not allowed to execute, and (4) a policy consumption Web service architecture in which participants evaluate and negotiate the policies of the peers, and decide to subscribe services for oneselves. Those are all component functions of workflow. Having focused on the design and prototype implementation of those components, we have achieved the design and analysis of high functionality components in a workflow.

Research Products

• [Journal Article] A Policy Consumption Architecture that enablesDynamic and Fine Policy Management (2014)
  • Author(s): SATO, Hiroyuki, TANIMOTO Shigeaki, KANAI Atsushi
  • Journal Title: Proceedings of 3rd ASE Int'l Conf Cyber Security Volume: (to be published)
• [Journal Article] A Policy Consumption Architecture that enablesDynamic and Fine Policy Management (2014)
  • Author(s): SATO Hiroyuki, TANIMOTO Shigeaki, KANAI Atsushi
  • Journal Title: CyberSecurity 2014 Volume: 3
  • Peer Reviewed
• [Journal Article] A Study of Data Management in Hybrid Cloud (2013)
  • Author(s): Shigeaki Tanimoto, Yorihiro Sakurada, Yoshiaki SEKI, Motoi Iwashita, Hiroyuki Sato, Atsushi Kanai
  • Journal Title: Configuration, Computer Information Science Volume: Vol. 492 Pages: 247-257
  • DOI: 10.1109/snpd.2013.22
  • Peer Reviewed
• [Journal Article] ビッグデータを活用したサービスに関するリスクアセスメント (2013)
  • Author(s): 谷本茂明, 関良明, 岩下基, 佐藤周行, 金井敦
  • Journal Title: 電子情報通信学会論文誌 A Volume: Vol.J96-A, No. 4 Pages: 189-194
  • NAID: 110009596936
  • URL: http://ci.nii.ac.jp/naid/110009596936
• [Journal Article] 参加者ごとに異なるポリシーを反映可能な認証フェデレーション機構の実現 (2013)
  • Author(s): 西村 健, 中村 素典, 山地 一禎, 佐藤周行, 大谷 誠, 岡部 寿男, 曽根原 登
  • Journal Title: 電子情報通信学会論文誌D Volume: Vol.J96-D, No. 6 Pages: 1400-1412
  • URL: http://ci.nii.ac.jp/naid/110009611652
• [Journal Article] Privacy Enhancing Proxies in Attribute Releases (2013)
  • Author(s): SATO, Hiroyuki, OKABE, Yasuo, NISHIMURA, Takeshi, YAMAJI, Kazutsuna, NAKAMURA, Motonori
  • Journal Title: Two Approaches, COMPSAC W(MidArch 2013) Pages: 379-384
  • DOI: 10.1109/compsacw.2013.65
• [Journal Article] Privacy Preserved Attribute Aggregation to Avoid Correlation of User Activities Across Shibboleth SPs (2013)
  • Author(s): Motonori Nakamura, Takeshi Nishimura, Kazutsuna Yamaji, Hiroyuki Sato, Yasuo Okabe
  • Journal Title: COMPSAC W(MidArch 2013) Pages: 367-372
  • DOI: 10.1109/compsacw.2013.52
• [Journal Article] A File-distribution Approach to Achieve High Availability and Confidentiality for Data Storage on Multi-cloud (2013)
  • Author(s): Yuuki KAJIURA, Atsushi KANAI, Hiroyuki SATO, Shigeaki TANIMOTO
  • Journal Title: COMPSAC W(SAPSE 2013) Volume: 37 Pages: 212-217
  • DOI: 10.1109/compsacw.2013.125
  • Peer Reviewed
• [Journal Article] 参加者ごとに異なるポリシーを反映可能な認証フェデレーション機構の実現 (2013)
  • Author(s): 西村 健, 中村 素典, 山地 一禎, 佐藤 周行, 大谷 誠, 岡部 寿男, 曽根原 登
  • Journal Title: 電子情報通信学会論文誌D Volume: Vol.J96-D, No. 6
  • Peer Reviewed
• [Journal Article] Privacy Enhancing Proxies in Attribute Releases: Two Approaches (2013)
  • Author(s): SATO, Hiroyuki, OKABE, Yasuo, NISHIMURA, Takeshi, YAMAJI, Kazutsuna, NAKAMURA, Motonori
  • Journal Title: IEEE Computer Software and Applications Workshops Volume: MidArch
  • Peer Reviewed
• [Journal Article] Privacy Preserved Attribute Aggregation to Avoid Correlation of User Activities Across Shibboleth SPs (2013)
  • Author(s): Motonori Nakamura, Takeshi Nishimura, Kazutsuna Yamaji, Hiroyuki Sato, Yasuo Okabe
  • Journal Title: IEEE Computer Software and Applications Workshops Volume: MidArch
  • Peer Reviewed
• [Journal Article] A File-distribution Approach to Achieve High Availability and Confidentiality for Data Storage on Multi-cloud (2013)
  • Author(s): Yuuki KAJIURA, Atsushi KANAI, Hiroyuki SATO, Shigeaki TANIMOTO
  • Journal Title: IEEE Computer Software and Applications Workshops Volume: SAPSE
  • Peer Reviewed
• [Journal Article] Information Security Management System with Physical Security - Improvement of Risk Recognition Function with Multi-sensor (2013)
  • Author(s): Shoichi Yoneda, Shun Makino, Shigeaki Tanimoto, Hiroyuki Sato, Atsushi Kanai
  • Journal Title: Proceedings of International Conference on Project Management Volume: 7
  • Peer Reviewed
• [Journal Article] Improving Automatic Centralization by Version Separation (2013)
  • Author(s): Lei Ma, Cyrille Artho, Hiroyuki Sato
  • Journal Title: 情報処理学会論文誌（PRO） Volume: 6(4)
  • NAID: 130003393167
  • Peer Reviewed
• [Journal Article] Alternation methodology of schedule information on public cloud for preserving privacy (2012)
  • Author(s): Tatsuya Miyagami, Atsushi Kanai, Noriaki Saito, Shigeaki Tanimoto, Hiroyuki Sato
  • Journal Title: Proceedings of IARIA International Conference on Digital Society Pages: 132-139
  • URL: http://www.thinkmind.org/index.php?view=article&articleid=icds_2012_6_20_10103
• [Journal Article] Quantifying Cost Structure of Campus PKI Based on Estimation and Actual Measurement (2012)
  • Author(s): Shigeaki Tanimoto, Masahiko Yokoi, Hiroyuki Sato, Astushi Kanai
  • Journal Title: Journal of Information Processing Volume: 20 Issue: 3 Pages: 640-648
  • DOI: 10.2197/ipsjjip.20.640
  • NAID: 130002116371
  • ISSN: 1882-6652
  • Peer Reviewed
• [Journal Article] A Solution for Privacy Protection in MapReduce (2012)
  • Author(s): Tran Quang, Hiroyuki Sato
  • Journal Title: Proceedings of 36th IEEE International Computer Software and Applications Conference Volume: 2012 IEEE36thCOMPSAC Pages: 515-520
  • DOI: 10.1109/compsac.2012.70
  • Peer Reviewed
• [Journal Article] Analysis of Security of PKI Operation with Multiple CP/CPS Based on Level of Assurance (2012)
  • Author(s): Shigeaki TANIMOTO, Shinichi MIZUHARA, Msasahiko YOKOI, Hiroyuki SATO, Atsushi KANAI
  • Journal Title: Proceedings of IEEE Computer Software and Applications Conference Workshop (Middleware Architecture in the Internet) Pages: 100-105
• [Journal Article] クラウドスケジュールサービスにおける日付偽装のための鍵共有方式の検討 (2012)
  • Author(s): 横谷 百合, 宮上 達矢, 金井 敦, 谷本茂明, 佐藤 周行
  • Journal Title: Proceedings of DPS Workshop 2012 Volume: 30
  • NAID: 170000075452
  • URL: http://id.nii.ac.jp/1001/00090375/
• [Journal Article] クラウドスケジュールサービスにおけるプライバシー保護のための日付偽装方式の評価 (2012)
  • Author(s): 宮上 達矢, 横谷 百合, 金井 敦, 斉藤典明, 谷本 茂明, 佐藤 周行
  • Journal Title: Proc. DPS Workshop 2012 Volume: 31
  • NAID: 170000075453
  • URL: http://id.nii.ac.jp/1001/00090376/
• [Journal Article] A Formal Model of LoA Elevation in Online Trust (2012)
  • Author(s): Sato, Hiroyuki
  • Journal Title: Academy of Science and Engineering Science Journal Volume: 1(4) Pages: 166-178
  • URL: http://ojs.scienceengineering.org/index.php/science/article/view/56/pdf
• [Journal Article] 学術機関のためのサーバ証明書発行フレームワーク (2012)
  • Author(s): 島岡正基, 西村健, 古村隆明, 中村素典, 佐藤周行, 岡部寿男, 曽根原登
  • Journal Title: 電子情報通信学会論文誌 B Volume: J95-B(7)
  • NAID: 10031083955
  • Peer Reviewed
• [Journal Article] A Solution for Privacy Protection in MapReduce (2012)
  • Author(s): Tran Quang, SATO Hiroyuki
  • Journal Title: Proceedings of Computer Software and Applications Volume: 36
  • Peer Reviewed
• [Journal Article] Analysis of Security of PKI Operation with MultipleCP/CPS Based on Level of Assurance (2012)
  • Author(s): Shigeaki TANIMOTO, Shinichi MIZUHARA, Msasahiko YOKOI, Hiroyuki SATO, Atsushi KANAI
  • Journal Title: Proceedings of Computer Software and Applications W(MidArch) Volume: 36
  • Peer Reviewed
• [Journal Article] クラウドスケジュールサービスにおける日付偽装のための鍵共有方式の検討 (2012)
  • Author(s): 横谷 百合, 宮上 達矢, 金井 敦, 谷本 茂明, 佐藤 周行
  • Journal Title: Proc. DPS Workshop 2012 Volume: 2012 Pages: 30-30
  • NAID: 170000075452
  • Peer Reviewed
• [Journal Article] クラウドスケジュールサービスにおけるプライバシー保護のための日付偽装方式の評価 (2012)
  • Author(s): 宮上 達矢, 横谷 百合, 金井 敦, 斉藤 典明, 谷本 茂明, 佐藤 周行
  • Journal Title: Proc. DPS Workshop 2012 Volume: 2012 Pages: 31-31
  • NAID: 170000075453
  • Peer Reviewed
• [Journal Article] A Formal Model of LoA Elavation in Online Trust (2012)
  • Author(s): Hiroyuki Sato
  • Journal Title: ASE Science Journal Volume: 1(4)
  • Peer Reviewed
• [Journal Article] Building a Security Aware Cloud by Extending Internal Control to Cloud (2011)
  • Author(s): SATO Hiroyuki, Kanai Atsushi, Tanimoto Shigeaki
  • Journal Title: Proceedings of 10th IEEE International Symposium on Autonomous Decentralized Systems (ISADS 2011) Pages: 323-326
  • DOI: 10.1109/isads.2011.48
• [Journal Article] Risk Management on the Security Problem in Cloud Computing, Proceedings of Conference on Computers (2011)
  • Author(s): Shigeaki Tanimoto, Manami Hiramoro, Motoi Iwashita, Hiroyuki Sato, Atsushi Kanai
  • Journal Title: Networks, Systems and Industrial Engineering (CNSI 2011) Pages: 147-152
  • DOI: 10.1109/cnsi.2011.82
• [Journal Article] Graded Trust of Certificates and Its Management with Extended Path Validation (2011)
  • Author(s): SATO Hiroyuki, KUBO Akira
  • Journal Title: Journal of Information Processing Volume: 19 Pages: 263-273
  • DOI: 10.2197/ipsjjip.19.263
  • NAID: 130000765215
  • ISSN: 1882-6652
• [Journal Article] Quantifying Cost Structure of Campus PKI (2011)
  • Author(s): Shigeaki Tanimoto, Masahiko Yokoi, Hiroyuki Sato, Atsushi Kanai
  • Journal Title: Proceedings of 11th IPSJ/IEEE International Symposium on Applications and the Internet (SAINT), MIDARCH 2011 Pages: 315-320
• [Journal Article] Federated Authentication in a Hierarchy of IdPs by using Shibboleth (2011)
  • Author(s): SATO Hiroyuki, NISHIMURA Takeshi
  • Journal Title: Proceedings of 11th ISPJ/IEEE International Symposium on Applications and the Internet (SAINT), MIDARCH 2011 Pages: 327-332
• [Journal Article] A New Formula of Information Security Risk Analysis that takes Risk Improvement Factor into Account (2011)
  • Author(s): SATO Hiroyuki
  • Journal Title: Proceedings of IEEE 3rd International Conference on Privacy, Security, Risk and Trust Pages: 1243-1248
  • DOI: 10.1109/passat/socialcom.2011.44
• [Journal Article] 情報資産価値を用いた最適保存先決定手法 (2011)
  • Author(s): 藤巻文孝, 金井敦, 斉藤典明, 谷本茂明, 佐藤周行
  • Journal Title: 情報処理学会 第19回 マルチメディア通信と分散処理ワークショッ プ (DPSWS2011) Pages: 200-207
  • NAID: 170000074991
  • URL: http://id.nii.ac.jp/1001/00089881/
• [Journal Article] Building a Security Aware Cloud by Extending Internal Control to Cloud (2011)
  • Author(s): Sato, H., Kanai, A., Tanimoto, S
  • Journal Title: Proc. 2011 Tenth International Symposium on Autonomous Decentralized Systems Volume: 11
  • Peer Reviewed
• [Journal Article] Risk Management on the Security Problem in Cloud Computing, (2011)
  • Author(s): Shigeaki Tanimoto, Manami Hiramoro, Motoi Iwashita, Hiroyuki Sato, Atsushi Kanai
  • Journal Title: Proc. Conference on Computers, Networks, Systems and Industrial Engineering (CNSI 2011) Volume: 1
  • Peer Reviewed
• [Journal Article] Graded Trust of Certificates and its Management with Extended Path Validation (2011)
  • Author(s): Sato, H., Kubo, A.
  • Journal Title: Journal of Information Processing Volume: 19
  • NAID: 130000969417
  • Peer Reviewed
• [Journal Article] Federated Authentication in a Hierarchy of IdPs by using Shibboleth (2011)
  • Author(s): SATO, H., NISHIMURA, T
  • Journal Title: Proc. 11th Int'l Symp. Applications and the Internet (SAINT), MIDARCH 2011 Volume: 11
  • Peer Reviewed
• [Journal Article] A New Formula of Information Security Risk Analysis that takes Risk Improvement Factor into Account (2011)
  • Author(s): SATO, H
  • Journal Title: Proc. IEEE 3rd Int'l Conf. Privacy, Security, Risk and Trust Volume: 3
  • Peer Reviewed
• [Presentation] ダイナミックなクラウド選択のための SLA の XML 化に関する提案 (2014)
  • Author(s): 横谷 百合, 金井 敦, 谷本 茂明, 佐藤周行
  • Organizer: 情報処理学会 第158回DPS研究会
  • Place of Presentation: 東京
  • Year and Date: 2014-03-07
• [Presentation] 属性情報と認可条件を相互に秘匿する認証連携プロキシ (2014)
  • Author(s): 岡部寿男, 佐藤周行, 山地一禎, 中村素典
  • Organizer: 電子情報通信学会第88回インターネットアーキテクチャ研究会
  • Place of Presentation: 加賀市
  • Year and Date: 2014-02-27
• [Presentation] Dynamic and Fine Grained Control of Policies by XMLed Policy management (2014)
  • Author(s): Sato, H., Tanimoto, S., Kanai, A
  • Organizer: 3C2-1, 暗号と情報セキュリティシンポジウム (SCIS)
  • Place of Presentation: 鹿児島
  • Year and Date: 2014-01-23
• [Presentation] 秘密分散を用いたセキュリティ強度可変プロトコルの提案 (2014)
  • Author(s): 五十嵐綾, 金井敦, 谷本茂明, 佐藤周行
  • Organizer: 3F1-1, 暗号と情報セキュリティシンポジウム (SCIS)
  • Place of Presentation: 鹿児島
  • Year and Date: 2014-01-23
• [Presentation] Dynamic and Fine Grained Control of Policies by XMLed Policy management (2014)
  • Author(s): Sato, H., Tanimoto, S., Kanai, A.
  • Organizer: 暗号と情報セキュリティに関するシンポジウム2014
  • Place of Presentation: 鹿児島市 城山観光ホテル
• [Presentation] 属性情報と認可条件を相互に秘匿する認証連携プロキシ (2014)
  • Author(s): 岡部寿男, 佐藤周行, 山地一禎, 中村素典
  • Organizer: 電子情報通信学会 インターネットアーキテクチャ研究会
  • Place of Presentation: 加賀市 山代温泉 瑠璃光
• [Presentation] ダイナミックなクラウド選択のためのSLAのXML化に関する提案 (2014)
  • Author(s): 横谷 百合, 金井 敦, 谷本 茂明, 佐藤周行
  • Organizer: 情報処理学会DPS研究会
  • Place of Presentation: 東京都 明治大学
• [Presentation] 学認における属性交換フレームワーク (2013)
  • Author(s): 島岡正基, 佐藤周行
  • Organizer: コンピュータセキュリティシンポジウム 2013
  • Place of Presentation: 高松
  • Year and Date: 2013-10-22
• [Presentation] 属性提供サーバに対してサービス提供サーバを秘匿する匿名化プロキシ (2013)
  • Author(s): 岡部 寿男, 佐藤 周行, 西村 健, 山地一禎, 中村 素典
  • Organizer: マルチメディア, 分散, 協調とモバイル(DICOMO2013)シンポジウム, 8F-2
  • Place of Presentation: 帯広
  • Year and Date: 2013-07-12
• [Presentation] 情報流通連携のためのオープンなID連携プラットフォームにおけるプライバシー保護機能の高度化 (2013)
  • Author(s): 中村 素典, 西村 健, 山地 一禎, 佐藤周行, 岡部 寿男, 山崎 崇生, 崎村 夏彦
  • Organizer: マルチメディア, 分散, 協調とモバイル(DICOMO2013)シンポジウム, 8F-4
  • Place of Presentation: 帯広
  • Year and Date: 2013-07-12
• [Presentation] PEOFIAMP : Privacy Enhancements for Open Federated identity/Access Management Platforms (2013)
  • Author(s): Motonori NAKAMURA, Takeshi NISHIMURA, Kazu YAMAJI, Hiroyuki SATO, Yasuo OKABE, Takao YAMASAKI, Tsuyoshi MINAMI, Nat SAIKIMURA
  • Organizer: Terena Networking Conference 2013 (Poster)
  • Place of Presentation: Maastricht
  • Year and Date: 2013-06-02
• [Presentation] 学割サービス実現のためのSAML-OpenID ゲートウェイの試作 (2013)
  • Author(s): 中村素典, 西村健, 山地一禎, 佐藤周行, 岡部寿男
  • Organizer: IPSJ IOT 研究会
  • Place of Presentation: 弘前
  • Year and Date: 2013-05-09
• [Presentation] 侵入者の距離によりダイナミックにセキュリティレベルを制御するシステムの検討 (2013)
  • Author(s): 末次 正人, 榎本 真也, 金井 敦, 谷本茂明, 佐藤 周行
  • Organizer: 第154回 情報処理学会 DPS 研究会, 4A-25
  • Place of Presentation: 東京
  • Year and Date: 2013-03-14
• [Presentation] 学割サービス実現のための SAML-OpenID ゲートウェイの試作 (2013)
  • Author(s): 中村素典, 西村健, 山地一禎, 佐藤周行, 岡部寿男
  • Organizer: 情報処理学会 IOT研究会
  • Place of Presentation: 弘前市 弘前大学
• [Presentation] 学認における属性交換フレームワーク (2013)
  • Author(s): 島岡正基, 佐藤周行
  • Organizer: コンピュータセキュリティシンポジウム 2013
  • Place of Presentation: 高松市 かがわ国際会議場
• [Presentation] 侵入者の距離によりダイナミックにセキュリティレベルを制御するシステムの検討 (2013)
  • Author(s): 末次 正人, 榎本 真也, 金井 敦, 谷本 茂明, 佐藤 周行
  • Organizer: 情報処理学会DPS研究会 第154回研究会
  • Place of Presentation: 東京
• [Presentation] MapReduce におけるプライバシーの手法の提案 (2012)
  • Author(s): Tran Quang, 佐藤周行
  • Organizer: 2D1-5E, 暗号と情報セキュリティシンポジウム(SCIS 2012)
  • Place of Presentation: 金沢
  • Year and Date: 2012-01-31
• [Presentation] ダイナミックに制御する情報漏洩対策システムの検討 (2012)
  • Author(s): 榎本真也, 金井 敦, 谷本茂明, 佐藤周行
  • Organizer: 第11回情報科学技術フォーラム(FIT2012)論文集
• [Presentation] Progress of Japanese academic access federation GakuNin in FY2011 –Introduction to LoA (2012)
  • Author(s): Kazu Yamaji, Hiroyuki Sato, Takeshi Nishimura, Motonori Nakamura
  • Organizer: TERENA Networking Conference 2012
  • Place of Presentation: Reykjavik
• [Presentation] 偽装環境によるＰＣ保護と不正操作者情報収集技術の提案 (2012)
  • Author(s): 上村 宗嗣, 金井 敦, 谷本 茂明, 佐藤 周行
  • Organizer: コンピュータセキュリティシンポジウム 2012
  • Place of Presentation: 東京
• [Presentation] MapReduceにおけるプライバシーの手法の提案 (2012)
  • Author(s): Tran Quang, 佐藤周行
  • Organizer: 暗号と情報セキュリティシンポジウム
  • Place of Presentation: 金沢市